Though I've spent enough time in California and the East Coast to
see some of their advantages as well, I am by birth a midwesterner: I
was born and raised in Chicago and Evanston, Illinois. My mother's
side of the family was from Minneapolis and I still have family here.

Research

My primary research interest is applications of program analysis
techniques for software security and correctness. This includes binary
analysis and transformation, hybrids of dynamic and static analysis
including symbolic execution, information flow and taint analysis,
instruction-level hardening and isolation, and applications of
decision procedures and proof-assistant tools.

FuzzBALL is a binary-level symbolic execution tool built on top of the
BitBlaze platform. We've used it in several past projects and its source
code is now available on GitHub.

Some of my previous projects have their own web sites:

The BitBlaze
project centered at Dawn Song's research
group at UC Berkeley works on applications of binary analysis in
software security. While at Berkeley I worked on a series of projects
related to binary-level information-flow analysis, symbolic execution,
and other security applications.

Together with Greg
Morrisett of Harvard, while I was at MIT, I explored a
binary-level technique to efficiently isolate untrusted code
modules. For more about the technique, and its implementation in a
tool named PittSFIeld, see the PittSFIeld
page. More recently some of the key ideas in this work have been
used in Google's Native Client.

Earlier at MIT, I looked at some of the things that can go
wrong when software is upgraded, and how we can use programming
language and analysis technologies to mitigate those problems (web
page). This work formed the basis of my Master's thesis.

Publications

I plan to put together a unified list of my research publications
here in the future. Until then, my papers while at MIT (2002-2008) are
available here
on the PAG group's site, and my papers from UC Berkeley (2008-2012)
are available from the BitBlaze
publications list.

Prospective Students

I'm looking forward to meeting and potentially working with current
and prospective Minnesota students whose research interests overlap
with mine, including software security, binary analysis, symbolic
execution, and testing and correctness. If you're a current student,
please stop by my office (or email for an appointment) and introduce
yourself.

If you're a prospective graduate student with interests in these
areas, I encourage you to apply to Minnesota. Information about the
application process is available from the
department. I'd also be interested in corresponding with
prospective grad students by email to discuss your and my research
interests; David
Evans has some good advice on how to do this productively.

Course materials available for reuse:

Instruction-level rewriting assignment, suitable for an advanced
course in binary analysis, security program analysis, etc. Based on a
simplified version of the PittSFIeld infrastructure, and tested in a
UMN course in 2013. (Note that my solutions for the first two problems
are public, so you'll need to modify them if you want to use them in a
graded context.)

Miscellaneous

During the spring of 2007, I worked as a TA in 6.001. My tutorial notes
from the semester are available.